Re: pop3

To: Moe Harley <moeser@airswitch.net>
Cc: debian-security@lists.debian.org
Subject: Re: pop3
From: Pedro Zorzenon Neto <pzn@terra.com.br>
Date: Sun, 29 Jul 2001 20:24:37 -0300
Message-id: <[🔎] 20010729202437.A4186@mantis.autsens.localnet>
Reply-to: pzn@terra.com.br
In-reply-to: <[🔎] 003001c1186a$e79842c0$0a01a8c0@5geeks.com>
References: <[🔎] 003001c1186a$e79842c0$0a01a8c0@5geeks.com>

On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote:
> Thought i'd ask what the general opinion is on the most secure pop3 daemon.
> I need to install a pop3 damon on my debian machine, but I wanted to get a
> good idea from you guys on which one to install.

Hi Moe,

  All POP3 services are not safe, because they send plain-text login and password. And your login/password could be the same of your shell acount, so people can sniff it and use it to telnet to your machine.
  You could try package "qpopper" that supports APOP autentication that does not send the password in plain text. It also suport to use diferent passwords for pop and shell services. after installing it, read "man popauth" and "man popper". In this case, the client should also support APOP protocol.

  I don't know about ssh, but there should be some pop over ssh/ssl service that is safer.

  Another option could be installing a webmail service over https in this machine - but this is not a pop service; that's webmail. In this case, try "imp" and "apache-ssl" packages.

  I hope this will help you.
    Pedro

Reply to:

Follow-Ups:
- Re: pop3
  - From: Rob Hudson <rob@euglug.net>
- Re: pop3
  - From: Hubert Chan <hackerhue@geek.com>

References:
- pop3
  - From: "Moe Harley" <moeser@airswitch.net>

Prev by Date: pop3
Next by Date: Re: pop3
Previous by thread: pop3
Next by thread: Re: pop3
Index(es):
- Date
- Thread